{"id":41528,"date":"2020-09-10T12:59:15","date_gmt":"2020-09-10T19:59:15","guid":{"rendered":"https:\/\/www.enxmag.com\/twii\/?p=41528"},"modified":"2020-09-10T12:59:18","modified_gmt":"2020-09-10T19:59:18","slug":"the-it-bodyguard-guidance-peace-of-mind-nearly-as-vital-as-security-tools","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/feature-articles\/2020\/09\/the-it-bodyguard-guidance-peace-of-mind-nearly-as-vital-as-security-tools\/","title":{"rendered":"The IT Bodyguard: Guidance, Peace of Mind Nearly as Vital as Security Tools"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" width=\"300\" height=\"200\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/09\/bodyguard-247682_1920-300x200.jpg\" alt=\"\" class=\"wp-image-41529\" srcset=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/09\/bodyguard-247682_1920-300x200.jpg 300w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/09\/bodyguard-247682_1920-768x512.jpg 768w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/09\/bodyguard-247682_1920-1024x683.jpg 1024w, https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/09\/bodyguard-247682_1920.jpg 1920w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/figure><\/div>\n\n\n\n<p>Let\u2019s be honest. For the garden-variety office environment\nend-user, the topic of security can be daunting. While most Americans have heard\nof cybercriminals, many of them only have a cursory knowledge regarding how\nbusiness systems are infiltrated and compromised. They\u2019re told not to click on\nsuspicious emails, but without security awareness training, the typical\nworker\u2019s primary expertise is found in the line of business applications they\nuse on a daily basis.<\/p>\n\n\n\n<p>Herein lies the beauty of a true managed services\nproposition. 
Certainly, the tools play a vital role in developing a dealer\u2019s\nvalue proposition, and not all tools are created equal. Many dealers go to\ngreat lengths (and expense) to ensure their managed IT and security components\nemploy only top-of-line third-party solutions from the biggest technology\nplayers on the planet. But the advisory role furnished by service providers is\nthe point of differentiation; the depth of experience and knowledge dealers\nhave in a wide range of verticals, covering the full gamut of compliance requirements.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright\"><img loading=\"lazy\" width=\"150\" height=\"200\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/08\/Paul-Hager-Gordon-Flesch-Co.jpg\" alt=\"\" class=\"wp-image-41280\"\/><figcaption>Paul Hager, Gordon Flesch Co.<\/figcaption><\/figure><\/div>\n\n\n\n<p>For Elevity, the managed IT division for Gordon Flesch\nCompany of Madison, Wisconsin, the initial engagement entails an initial review\nof the client\u2019s environment by its assessment and advisory team, notes Paul\nHager, director of solutions. That process is then repeated on a quarterly\nbasis.<\/p>\n\n\n\n<p>\u201cWe often see clients who believe they are protected but are really lacking a comprehensive, layered approach to security,\u201d Hager said. \u201cOften the missing pieces are in the ongoing training\/testing and human aspects, as well as failing to fully protect the main entry points\u2014vulnerable identities and spear-phishing over email.\u201d<\/p>\n\n\n\n<p>The calendar may read 2020, but many end-users seem to be\nstuck in a circa-2000 time warp when it comes to blind spots. 
Keith Adams, vice\npresident of IT for Les Olson Company of Salt Lake City, points out that users\nand passwords, and a lack of basic prevention systems or group policies to\nlimit access to systems continue to plague clients.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" width=\"150\" height=\"200\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/08\/Keith-Adams-Les-Olson.jpg\" alt=\"\" class=\"wp-image-41285\"\/><figcaption>Keith Adams, Les Olson Co.<\/figcaption><\/figure><\/div>\n\n\n\n<p>\u201cWe regularly encounter environments where many\nusers have rights and access far beyond their individual job function needs,\u201d\nAdams said. \u201cThis is often a legacy problem that was initially not dealt with\ndue to a perception of inconvenience.&nbsp;By having a conversation around the\nconcept of WHEN, not IF there could be a user compromise event, we can promote\nconcepts of change.&nbsp;While those conversations do not always result in an\nimmediate adoption of change by the client, it sets the stage for future\nactions on their behalf.\u201d<\/p>\n\n\n\n<p>To illustrate a client\u2019s vulnerabilities, Les Olson Company regularly produces scorecards to shed light on the areas of weakness within their environment. Adams notes that by highlighting areas of improvement that can be addressed, often with little to no monetary investment, the dealer can foster an environment where the client understands the policies, procedures and products that can yield optimal protection.<\/p>\n\n\n\n<p><strong>Knowing the Network<\/strong><\/p>\n\n\n\n<p>One of the first steps to providing security provisions for\nthose properties on a client\u2019s network is knowing what is on the client\u2019s\nnetwork. 
That may sound elementary, but beyond desktops, PCs, printers and\nother devices, access systems, door readers and camera systems can also be\ncommon breach points in a network, according to Mike Burgard, CISO for Marco of\nSt. Cloud, Minnesota. Those points have also served as the most common breach\npoints in some of the nation\u2019s largest public data breaches in recent years.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright\"><img loading=\"lazy\" width=\"150\" height=\"200\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/08\/Mike-Burgard-Marco.jpg\" alt=\"\" class=\"wp-image-41287\"\/><figcaption>Mike Burgard, Marco<\/figcaption><\/figure><\/div>\n\n\n\n<p>Vulnerability management is another major focal point in any\nsecurity conversation, according to Burgard. \u201cWe\u2019ve seen a lot of\nvulnerabilities in the news the last couple of years and WannaCry was one of\nthe big ones, leading to the largest Russian ransomware in history,\u201d he said.\n\u201cThere was a passionate effort behind that scheme. It\u2019s a three-year-old\nvulnerability and many organizations still haven\u2019t patched it. 
You\u2019re making it\neasy for the bad guys when you leave old, known things exposed on your network.\nVulnerability management is important because it\u2019s a really easy metric to\nreport on and a good metric to show the overall effectiveness of the security\nprogram.\u201d<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" width=\"150\" height=\"200\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/08\/Scott-Anderson-Kelley-Connect.jpg\" alt=\"\" class=\"wp-image-41282\"\/><figcaption>Scott Anderson, Kelley Connect<\/figcaption><\/figure><\/div>\n\n\n\n<p>The lack of any security awareness training component is perhaps the biggest blind spot for end-users, according to Scott Anderson, senior vice president of IT for Kelley Connect, headquartered in Kent, Washington. The dealer\u2019s prime responsibility in an advisory role, he notes, is to point out all the risks and gaps in a client\u2019s infrastructure. <\/p>\n\n\n\n<p>\u201cIt\u2019s our job to call out all the risks and determine what risks we can remediate, and which risks we are OK accepting,\u201d Anderson added. \u201cThere are a lot of risks out there, so let\u2019s prioritize them and see which ones would be bad for the organization, and which risks that are willing to accept. It\u2019s a joint conversation with the client based on advising and determining exactly where they want to put their budget. Risk acceptance is an OK strategy, because at least then you know what your risks are.\u201d <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let\u2019s be honest. For the garden-variety office environment end-user, the topic of security can be daunting. While most Americans have heard of cybercriminals, many of them only have a cursory knowledge regarding how business systems are infiltrated and compromised. 
They\u2019re told not to click on suspicious emails, but without security awareness training, the typical worker\u2019s primary expertise is found in the line of business applications they use on a daily basis. Herein lies the beauty of a true managed services proposition. Certainly, the tools play a vital role in developing a dealer\u2019s value proposition, and not all tools are created equal. Many dealers go to great lengths (and expense) to ensure their managed IT and security components employ only top-of-line third-party solutions from the biggest technology players on the planet. But the advisory role furnished by service providers is the point of differentiation; the depth of experience and knowledge dealers have in a wide range of verticals, covering the full gamut of compliance requirements. For Elevity, the managed IT division for Gordon Flesch Company of Madison, Wisconsin, the initial engagement entails an initial review of the client\u2019s environment by its assessment and advisory team, notes Paul Hager, director of solutions. That process is then repeated on a quarterly basis. \u201cWe often see clients who believe they are protected but are really lacking a comprehensive, layered approach to security,\u201d Hager said. \u201cOften the missing pieces are in the ongoing training\/testing and human aspects, as well as failing to fully protect the main entry points\u2014vulnerable identities and spear-phishing over email.\u201d The calendar may read 2020, but many end-users seem to be stuck in a circa-2000 time warp when it comes to blind spots. Keith Adams, vice president of IT for Les Olson Company of Salt Lake City, points out that users and passwords, and a lack of basic prevention systems or group policies to limit access to systems continue to plague clients. \u201cWe regularly encounter environments where many users have rights and access far beyond their individual job function needs,\u201d Adams said. 
\u201cThis is often a legacy problem that was initially not dealt with due to a perception of inconvenience.&nbsp;By having a conversation around the concept of WHEN, not IF there could be a user compromise event, we can promote concepts of change.&nbsp;While those conversations do not always result in an immediate adoption of change by the client, it sets the stage for future actions on their behalf.\u201d To illustrate a client\u2019s vulnerabilities, Les Olson Company regularly produces scorecards to shed light on the areas of weakness within their environment. Adams notes that by highlighting areas of improvement that can be addressed, often with little to no monetary investment, the dealer can foster an environment where the client understands the policies, procedures and products that can yield optimal protection. Knowing the Network One of the first steps to providing security provisions for those properties on a client\u2019s network is knowing what is on the client\u2019s network. That may sound elementary, but beyond desktops, PCs, printers and other devices, access systems, door readers and camera systems can also be common breach points in a network, according to Mike Burgard, CISO for Marco of St. Cloud, Minnesota. Those points have also served as the most common breach points in some of the nation\u2019s largest public data breaches in recent years. Vulnerability management is another major focal point in any security conversation, according to Burgard. \u201cWe\u2019ve seen a lot of vulnerabilities in the news the last couple of years and WannaCry was one of the big ones, leading to the largest Russian ransomware in history,\u201d he said. \u201cThere was a passionate effort behind that scheme. It\u2019s a three-year-old vulnerability and many organizations still haven\u2019t patched it. You\u2019re making it easy for the bad guys when you leave old, known things exposed on your network. 
Vulnerability management is important because it\u2019s a really easy metric to report on and a good metric to show the overall effectiveness of the security program.\u201d The lack of any security awareness training component is perhaps the biggest blind spot for end-users, according to Scott Anderson, senior vice president of IT for Kelley Connect, headquartered in Kent, Washington. The dealer\u2019s prime responsibility in an advisory role, he notes, is to point out all the risks and gaps in a client\u2019s infrastructure. \u201cIt\u2019s our job to call out all the risks and determine what risks we can remediate, and which risks we are OK accepting,\u201d Anderson added. \u201cThere are a lot of risks out there, so let\u2019s prioritize them and see which ones would be bad for the organization, and which risks that are willing to accept. It\u2019s a joint conversation with the client based on advising and determining exactly where they want to put their budget. Risk acceptance is an OK strategy, because at least then you know what your risks 
are.\u201d<\/p>\n","protected":false},"author":166,"featured_media":41529,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1650,82,87,1638],"tags":[2023,3785,3528,545],"_links":{"self":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/41528"}],"collection":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/comments?post=41528"}],"version-history":[{"count":1,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/41528\/revisions"}],"predecessor-version":[{"id":41530,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/41528\/revisions\/41530"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media\/41529"}],"wp:attachment":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media?parent=41528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/categories?post=41528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/tags?post=41528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}